Cyber attacks are rapidly becoming a major threat to proper secure government and military operations. From deployed wireless systems subjected to jamming, denial of service attacks and intrusion attempts, to in-house computers connected to secure networks infiltrated by malicious software, numerous serious computer incidents are increasingly encountered. Low level system tracing, traditionally used for debugging, may be used for host based surveillance. We have developed a framework for detecting abnormal behavior, reacting to the threat, and monitoring the effectiveness of the response before escalation. The main advantage of the new system is the combination of low level tracing information with powerful abstraction and anomaly detection techniques. Our tracing mechanisms extract very detailed execution traces with minimal overhead, increasing the detection capability without affecting operation or alerting the attackers.